Defence

What Telcos Might Be Good For:

Leading the Charge in the Cyber War

Businesses are increasingly taking cybersecurity seriously, but they are only one part of the puzzle. GlobalData Technology’s Kathryn Weldon considers how telcos are beginning to play a greater role

Endless new threats impacting businesses and consumers are driving demand for IT and cybersecurity products and services. Besieged IT departments – charged with the task of protecting against invisible thieves and miscreants – and their bosses, who have been firmly pulled into cybersecurity decision-making, are desperate to thwart attacks.

It’s starting to feel like an endless war.

CEOs began taking responsibility for data breaches a couple of years ago, and mega-breaches, such as the one suffered by Equifax in 2017, are now being punished in the stock market. Even mid-sized and smaller businesses, as well as public sector organisations, are being exposed to new cyber-related peril by everything from ransomware demands to potential GDPR breach penalties.

It’s causing up to 73% of enterprises to prioritise spending in areas such as identity and access management systems, end-point security and anti-virus products, vulnerability management software, and data loss prevention tools.

Security products currently in use and those that are prioritised for investment in the next 2 years

Over the next two years as many as 70% of all enterprises are prioritising security services such as intrusion detection and prevention, through tools such as managed firewalls, and security incident and event management services – a difficult function to handle in-house for the typical company lacking dedicated security skills.

Security services currently in use and those that are prioritised for investment in the next 2 years

There is a foreboding sense that even with such prioritised investments, it is never going to be enough to fight against unknown external threats. Indeed, something like vulnerability management is literally installing ‘patches’ on out of date software – the digital equivalent of sticking a small plaster on a wound of undetermined size.

With hundreds of potential solutions that might help mitigate certain cyber threats but definitely won’t magically solve the greater existential threat, organisations and their clients may be indulged for wondering who else is going to step up and own this fight?

Calling up the troops: telco’s role in cybersecurity

No one ‘owns’ the responsibility for global cyberspace, so there is no reason to expect a single actor or entity to do so. At the EU and national levels, governments have established five-year strategies to secure the digital environment, but what about the IT and internet service providers impacted most directly, monitoring and analysing billions of daily cyber events, many of which turn out to be security incidents?

Recently, BT stepped up and put its hand up, challenging the other broadband and connectivity providers in the UK to start sharing information about malicious software and websites on a much larger scale. It has launched a free collaborative online platform to share its own threat intelligence data across the ISP community in a secure and trusted way, as it continues efforts to protect consumers and businesses from what has become a global cyber-crime industry.

BT’s effort is in direct response to an initiative led by the National Cybersecurity Centre (NCSC) to enable ISPs to share detection events, as outlined in its new report, Active Cyber Defence – One Year On, which details its ongoing efforts to disrupt millions of online commodity attacks against the UK.

“What about the IT and internet service providers impacted most directly, monitoring and analysing billions of daily cyber events, many of which turn out to be security incidents?”

As a result, BT now alerts other ISPs in the country to any malicious domains associated with malware control that it identifies using its advanced threat intelligence capabilities. ISPs can then choose whether to take any action to protect their customers by blocking such harmful malware. To date, BT has identified and shared over 200,000 malicious domains since initiating the sharing of threat information at the end of 2017.

Unlike most businesses, BT has the skills and advanced technologies in-house to join the battle at a national, and even global level (its team of more than 2,500 cybersecurity experts around the world are currently preventing the delivery of 50 million malicious emails with 2,000 unique malicious attachments every month – or nearly 20 malicious emails every second). And, given its ownership of critical infrastructure, it has more motivation than most to fight back hard.

It’s not the only telco doing so.

Another large European operator with global interests is preparing to launch in April a new cyber threat alliance taking intelligence feeds from the world’s leading network and security platform vendors, global software giants, and telcos from around the world – all incentivised to share their unique threat data with the alliance in order to benefit from the larger intelligence pool.

With the goal being to protect customers in near real-time while disrupting malicious actors and elevating overall security, the alliance seeks to strengthen global critical infrastructure for the greater good.

Such efforts won’t stop businesses from spending on firewalls and software patches, or from subscribing to managed security services. Indeed, these things all help to channel new threat information to experts behind the technology who are constantly seeking to improve its efficacy. And with big telcos stepping up to gather, analyse, and take action collectively on those cyber events and incidents in support of the ‘greater good’, some measure of progress in the endless war could soon be evident.